Secure Socket Layer (SSL) is a security protocol that enables Web sites to pass sensitive information securely in an encrypted format. If you have noticed a URL in your browser that starts with “https://”; this tells you the Web page is using SSL. The Web browser will also show some kind of lock icon to indicate a secure connection.

Follow the steps below to enable SWI for SSL.


Step One - Setup a Digital Certificate

Follow the steps below to setup a digital certificate for use by the Apache server on the system running SWI.

  1. Skip to Step 2 if you already have a certificate available to use on your system.
     
  2. Go to the Digital Certificate Manager (DCM):
    http://hostname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0.
     
  3. In the navigation frame of DCM, select Create New Certificate Store.
     
  4. Select *SYSTEM as the certificate store to create and press Continue.
     
  5. Select Yes to create a certificate as part of creating the *SYSTEM certificate store and press Continue.
     
  6. Select Local Certificate Authority.
     
  7. Supply the required names and descriptions for the store and for the certificate.
     
  8. Press Continue to complete creation of the certificate.

For reference, see:
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frzahu%2Frzahurazhudigitalcertmngmnt.htm


Step Two - Configure the Apache Server

Follow the steps below to configure the Apache server for SSL.

Note: This only works when running SWI on PORT 80.

  1. Open ‘HTTP Admin Web Administration for I5/OS’ for your server instance.
     
  2. In the left pane under Server Properties, select General Server Configuration and add port 443 under port 80. Press Continue, and then Apply.
     
  3. In the left pane select Server Properties\Virtual Hosts. Position to the IP-based tab.
     
  4. Click the Add button in the right pane under ‘Virtual Host Containers’. In the IP address/Hostname drop-down, select All IP Address. For the Port, enter 443 for the SSL port. Press Continue, and then Apply.
     
  5. In the upper center/right of the screen, find the Server Area drop down. Select Virtual Host *:443.
     
  6. In the left pane, select Security. In the right pane select the SSL with Certificate Authentication tab.
     
  7. In the SSL drop down, select Enabled.
     
  8. Next to Server certificate application name, press the drop-down arrow and select the appropriate name: QIBM_HTTP_SERVER_”yourinstancename”.
     
  9. On this same screen, slide down to the HTTPS_PORT environment variable and enter 443 for your SSL port and press Apply.
     
  10. Go to the Digital Certificate manager (DCM):
    http://hostname:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0.
     
  11. Sign onto the *SYSTEM store.
     
  12. Select Work with server applications listed under Fast Path .
     
  13. Select the button beside your Apache instance name, and then press the Work With Application button.
     
  14. Press the Update Certificate Assignment button.
     
  15. Select the certificate that you want to assign to the application, and press the Assign New Certificate button.
     
  16. Stop and restart the Apache server instance. SSL is now enabled.

For reference, see:
https://www-304.ibm.com/support/docview.wss?uid=nas198591216e00b600d862573fc006d753d

Users accessing SWI will be warned by the browser about an untrusted site. This can be avoided by using a public Internet Certificate Authority for your certificate, but that involves a cost and is beyond the scope of this simple implementation.

 

 

 

 

 


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: April 21, 2017